Latest zero day attack in the wild

If you’re reading this with Internet Explorer on a Windows machine, don’t. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination.

Proof-of-concept code for the attack was released after business hours on Friday, according to SANS.

Blocking .ani files won’t help. SANS has picked up reports of the vulnerability being exploited in the wild with .ani files renamed as JPEGs.

The company still hasn’t provided a patch. The vulnerability is a candidate for inclusion in the CVE (Common Vulnerabilities and Exposures) list, having been assigned the label CVE-2007-0038 (previously also CVE-2007-1765).Although there currently is no official patch, a SANS handler has posted instructions on detecting and filtering out .ani file exploitation attempts. eEye provided a temporary patch, although the company recommends updating to Microsoft’s patch when it’s out.

That’s a pretty significant vulnerability, and there’s just not a way to deal with it in a manner that would leave me comfortable.Ã‚Â I highly recommend Mozilla or Opera for the Windows-bound, although you have to remember that no matter what browser you use, there will be vulnerabilities at times.Ã‚Â In this case, it’s a matter of reducing your exposure.